General

  • Target

    Yiwaiwai Build Version-Windows电脑版-x64.msi.v

  • Size

    84.4MB

  • Sample

    240910-qt7b5axepe

  • MD5

    5a026114cd99d8de5a8316aa698f2fe6

  • SHA1

    7a518456e901cd4417ccebdcab519b51f1861e6c

  • SHA256

    c51f510516723dd1aa2b49fad8c2fe0c34de35cdb1870be2eb93ac4b2b24fd9d

  • SHA512

    91e3105c9ba72b6bc6a4ba29b9d961b90b0453977bb4a8eff71e6c9c6b92699e2b9510e79a9cdd1fb6f1e5cb7878477d71309f1fa33b095bb702f00935b2ecbd

  • SSDEEP

    1572864:snJk0D65s9Qj0GuXrrjk0f3oN4H/9dDdOFARIN3toxIt89hENhxcjtz/csBV2fx5:snJ1D65sG0GubE6KMfcAm5tJ1kF/cO2/

Malware Config

Targets

    • Detect PurpleFox Rootkit

      Detect PurpleFox Rootkit.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is publicly available; it has been used by multiple Chinese groups.

    • PurpleFox

      PurpleFox is an exploit kit, first seen in 2018, that is used to distribute other malware families.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15

Tasks